Page 9 of 58340 results (0.082 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

11 Jun 2025 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Damage Cleanup Engine, which runs within the Trend Micro Common Client Real-time Scan Service. ... An attacker can leverage this vulnerability to escalate privileg... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

11 Jun 2025 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://success.trendmicro.com/en-US/solution/KA-0019926 • CWE-477: Use of Obsolete Function •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://success.trendmicro.com/en-US/solution/KA-0019926 • CWE-477: Use of Obsolete Function •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types c... • https://patchstack.com/database/wordpress/theme/fana/vulnerability/wordpress-fana-1-1-28-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types c... • https://patchstack.com/database/wordpress/theme/besa/vulnerability/wordpress-besa-2-3-8-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types c... • https://patchstack.com/database/wordpress/theme/lasa/vulnerability/wordpress-lasa-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •